[keycloak-user] New authenticator with CompletableFuture as the only authenticating factor

[Bill Burke]

We don't support async HTTP.  So you either need to block or have your 
login page poll.  If you poll, then your async callback is gonna have to 
re-create a KeycloakSession object.  I suggest you have your 
authenticate() method check to see if a clientSession attribute is set 
or not and have the callback locate the clientSession and set this 
variable.  Hope I'm making sense.


On 2/15/17 10:59 AM, Daniel Radzikowski wrote:
> Hi,
>
> I'm trying to implement new authenticator for Mobile Connect. It is a bit
> unusual flow, where the first method *void
> authenticate(AuthenticationFlowContext context)* before returning a
> challenge, calls a REST API, which prompts user mobile phone with 'Click
> OK' button. This API call waits until the user clicks OK (or timeouts), so
> in order not to block the request, it is wrapped in CompletableFuture and
> the login page (with no inputs) is immediately returned to the browser.
> (browser should't wait for the API call result).
>
> The problem is when the CompletableFuture is completed and calls a
> callback. It's the place where the authentication should occur, but I don't
> have any idea how to do it. The only authenticating factor is OK response
> from this API. Can I set the authentication somehow bypassing the whole
> processor (calling method *action(AuthenticationFlowContext context)* on
> its way)? I thought I will eventually call the *action *from the browser
> (with ajax) and only check if the session is already created. The only
> thing that I can pass to the callback is an AuthenticationFlowContext data
> obtained from the first *action(AuthenticationFlowContext context)* call.
> Is there any way to do it?
>